Posted
by
samzenpus
on Friday February 17, 2012 @03:03AM
from the cop-in-the-machine dept.

superglaze writes "Following its takedown earlier this week of the music blog RnBXclusive, the UK's Serious Organised Crime Agency (SOCA) has claimed that "a number of site users have deleted their download histories" in response. Given that the site didn't host copyright-infringing files itself, how do they know? We've asked, but SOCA refuses to discuss its methods. A security expert has pointed out that, if they were hacking using Trojans, the police would themselves have been breaking the law. Added fun fact: SOCA readily admits that the scare message it showed visitors to the taken-down site was written 'with input from industry.'"

Cool when you're watching nefarious plotting on Taggert or Law and Order: UK but not so funny when it's you. And the accusation is that you're depriving a Hollywood mogul.00000001 per cent of a payment on this third Mercedes.

Proving that megacorps have more rights than people... I'll believe corporations are people when texas successfully executes one.

Till then:- You commit a felony, you go to jail and lose your voting rights.- Corporation commits a felony: no jail time, a pittance of a settlement/fine, and they still have the right to buy off elected representatives with unlimited campaign contributions.

Actually the whole feudal idea of felons and the segregation that goes with it is pretty disgusting. Basic rights should only be able to be taken away by the judiciary using due process. Even the American Constitution writers reconized that, which is why they have the ban on letters of attainment.America and Nigeria I believe are the only countries still with the idea that whole classes of citizens should lose rights permanently for doing something stupid when young, even after they've payed the price.

Of course! The question is, what are people going to do about it? We can't vote our way out of this mess because becoming a part of the system requires one to be corrupted by it first. Boycotts are ineffective because many of these companies have so many millions of customers that it's virtually impossible to effect their bottom line (besides the fact that they just make up the difference by ripping off their remaining customers), and others are so deeply enmeshed with the government that it would be pre

Let's all go out and register a company, for which there is 1 person employed, who's salary is $1 per year, and of which the company makes a loss per year. Even better, make it a non-for-profit organisation.

The company buys the computer.The company pays for the internet service.The company pays for any VPN or other services used.

If you get sued or arrested then you point to the company and say 'I am but an employee' of company X. You will need to sue my company.

The police in the UK are not allowed to lie to you in an interview. Lying to a suspect in order to elicit information is an example of "oppression" and is grounds for the evidence obtained to be struck out.

And before someone responds with "ah, but that doesn't stop them doing it before the interview" - interview, in this context, is defined very widely in UK law. I don't think you could engineer a situation in which you could lie to the suspect without it becoming part of the interview.

Cops in the UK don't understand the laws they are enforcing. They break the law all the time without knowing it, and spread misinformation about the law. Take the knife law, for instance. Some cops will tell you carrying any knife in public is illegal, unless you have a valid reason. The fact is, any folding knife that does not lock and has a cutting edge of under 3 inches is legal to carry by anyone, for no reason at all (so most Victorinox are perfectly legal to have in your pocket). It only becomes an offense if it is brandished or used in an unlawful manner.

Come, visit us in the US. The police are allowed to lie to you. There was an article a while back where the police, while interrogating someone, told this someone that his female neighbor had provided them with evidence. She had no idea that the police were using her name as a foil. Guess what happened? This someone had her killed.

No warning, no mention, no possibility to protect herself.

The best part is, the police believe they can lie to the judge. And they do it ALL THE TIME. While on the stand, while re

"a number of site users have deleted their download histories"
What does that even mean? Cleared their IE Browsing History? Deleted their Chome cache? Removed things from FireFox's "Recent Downloads" folder?

It probably means that the JavaScript/CSS trick for determining what sites you've visited no longer shows that the IP number of believed downloaders have visited those sites. Which probably just means the government authorities in question don't know what "dynamic IP" means, but I digress....

Firefox has this creepy new dashboard on New Tabs that shows parts of your history, and it's semi-permanent-sorta even if you delete parts of your history in the settings. I didn't do any exhaustive research, just that I noticed a top level partial history delete didn't work. All I'm saying is that stuff like the new Google data-merge is gonna intersect eventually with the cops/govt spreading their fear campaigns.

It means nothing. Absolutely nothing. Even supposing SOCA knew that users had "deleted their download histories", why would they care? Why would they tell everyone?

Either someone doesn't know what they are talking about, or they are trying to scare people by suggesting that they may know more than they think they do. My estimation is that either is a good possibility.

A lot of the users and likely a majority were minors. This is the message SOCA sent out to the world on behalf of copyright industries, we will imprison you children for ten years and issue unlimited fines bankrupting them for life, no age minimum.

How about honest users. I would to open a music download account, say even with Apple but should I, seriously think about it. On one hand I pay a dollar per song and get it on the other hand if Apple cheat, e

Perhaps they were using browser exploits to determine if people had cleared their history or cache. Most (all?) of the major browsers used to allow Javascript to detect if links had been visited, so it could check known pages on the site to see if they had been accessed. Similarly the server can tell if files are in the browser's cache because it doesn't re-download them.

Combine that information with IP address logs and you know... well, nothing actually, but if the message they posted on the site is anything to go by they either don't understand that or are just lying deliberately. My guess is that this claim is the latter.

If you look at the site now the threats have been removed, like someone told them to stop breaking the law themselves. The result of IPCC complaints probably.

My guess would be the former... They just don't understand the technology.

Don't get me wrong, they probably do have staff who do understand, it's just that those staff aren't the ones communicating with people outside SOCA. For that matter, I don't think those people even understand criminal investigation either. Look at that industry sponsored message they had on the domain seizure notice.

This JS history snooping sounds plausible, technically, but maybe not so practically. Besides the question of whether running such a script is legal: how did they manage to run those scrips?

To run such a history snooping script, a user has to visit a web site that runs said script. It's not likely the torrent site will do this for the authorities. It is also not likely that users will regularly visit anti-piracy web sites. They may visit it once, to get some information or out of curiousity, but well not much to repeat visits for.

Or is it done by the ISP? Who then would basically inject a js part into web pages the user downloads? Doesn't sound like a nice thing to do, to say the least.

Besides, such scripts afaik can only do something like "did you visit slashdot.org?": asking for specific URLs. I have not heard of a way to ask a browser "please tell me all sites this user has visited, and all urls which include slashdot.org". The first example shows whether or not the user visited the home page, the second example would give a list of all stories the user has opened, comments they opened, etc. You'd need the second method to be able to query a user's history for specific downloads.

Information from the browser cache determines whether to redownload a file, but the cache should be site-specific. Even if one site asks to download parts from another site, the browser should just reply "done" when the request is processed, regardless of whether that bit is locally available already or that it had to be downloaded.

The only legal way to obtain download histories would be if the user has a public profile on a web site that lists that user's download history (not likely) or that they would indeed come with a search warrant, confiscate the user's computer, and analyse its contents (even less likely).

So all in all this sounds like an illegal hacking action by the UK police.

Besides which, last I checked even the domain-specific js snoop didn't work anymore in FF or Chrome.

Given that they both basically keep themselves up-to-date, I don't think you could ever reliably say anything about hit rates. And certainly not well enough to claim people are actively clearing their histories.

No idea on IE, but no matter how you cut it, it's most likely total bullshit. More scare tactics from scumbags.

My guess would be that the authorities may have included such a Javascript in the 'scare page' that is currently replacing the regular site. Regular visitors return to the site by following a bookmark, etc, and while the scare page is open in their browser the Javascript runs.

It would have likely been a part of the initial investigation to either set up a crawler to index the site before it was taken down, or simply pull down the RSS feed of new posts and scrape them for hrefs pointing to mp3s or otherwise. They could thus compile a list of "downloadable" files which had appeared on the blog.

Once the scare page has been put up, they could use the Javascript on the page to fetch lists of these download URLs, insert them into a hidden div on the page, and check each URL's "visited" status in unpatched browsers, sending the results back to the server asynchronously and logging them along with the IP and any other browser stats of the user in question. In this way they could glean data about which files from the site the current user had downloaded.

Now, assuming the above is even close to what happened in reality, I would guess that the site in question has had a large number of hits from curious bystanders (ie the slashdot / HN crowd) since the scare page went up, most of whom would have "clean" download histories as they had never visited the site during its operation. Maybe the people gathering stats have misinterpreted this as "lots of users who cleared their download history" before returning to the site.

May be so, but I don't really believe this. The main objection against your theory is that there will be a huge list of potential links (I think a safe assumption is that the site listed tens of thousands of individual downloads), making the page very large. And such an attack would be quite easily detectable, particularly as it's a known issue.

So basically their illegal shenanigans make the global news (including slashdot), and tens to hundreds of thousands of people world wide go clicking links in the article to see the take down notice.

They interpret this as tens to hundreds of thousands of returning pirates, who must have cleared their cache and history!

Now they get to claim the site was WAY more popular in members than it actually was, and some huge conspiracy is going on to keep them hidden and secret.

In their minds, they are not doing anything wrong, and in fact are heros for this action.So why would anyone be upset at rights violations and want to see if the news stories are true?That's simply impossible. We are all long time members using the site to download trillions of songs, and we all clear our history daily to avoid getting caught, because their javascriptlet told them so.

If SOCA, Serious Organised Crime Agency dealing with serious organized crime is fighting copyright infringement, then what is the agency called that deals with such things as mobsters, thieves, assassinations and illegal prostitution gangs? Those organized crimes aren't serious enough for SOCA? They sure are causing a lot more harm to the tax-payers.

It is funny that their take-down notice is copyrighted itself too. They should take-down the zdnet article for re-printing a screenshot of it, and then replace it with the actual page that the screen shot is of.

It is worth following JackOfKent on twitter for his insight into this. He noted that the take-down notice could actually be a contempt of court [twitter.com].

We've supported the "industry" for our whole lifes, and put some weak and slimy politicians into the government which have their background and friends in that said "industry"...what did you expect to happen?

Are you suggesting that torrenting a movie isn't a serious crime worthy of attention from an agency tooled-up for tackling mobsters and terrorist threats? I look forward to the SAS being deployed by local councils to deal with people who sneak for free in to concerts.

SOCA will be investigating it because the computer crime division is under the auspices of SOCA. The alternative would be investigation by a local force, and that would be undesirable both because piracy is not local and because they do not have the same expertise in online crime. I accept that the name is slightly misleading here but it's a practical choice not one based on how serious the crime is.

This isn't detracting from the investigation of gangs or killers. The people who investigate money laundering

These cretins ought to be dealing with people traffickers, gang crime and other actual Serious Organised Crime.

That they are taking down music sharing sites is ridiculous. The justification I heard recently was even more laughable. It was serious organised crime because it cost the record labels 15 million.

Ah, record label mathematics, even better than cop math!

I don't doubt that these sites are hives of illegal activity. What they are not is a serious threat to the British public, which SOCA should be concentrating on, not pissing into the wind trying to clamp down on piracy.

For starters, it's crime. It's murderous even: it kills music, it kills artists, it kills the studios and labels. And it is theft too, of course.

It's also serious, see above. Murder is a serious crime. So is theft - that's what I see on stickers pasted in shops against shoplifting. "Theft is a serious crime". I'm not going to argue with that, theft is a crime. So is murder. And it's serious.

And organised those web sites are. A large organisation, with its tentacles all over the place. They have hackers gaining access to unreleased music for them, other hackers that post complete albums or illegal recordings of concerts and whatnot. Well organised they must be, how else could they serve those thousands upon thousands of customers every day.

So of course it's a task for the SOCA. Drug dealers be damned, that're minor guys, not worth bothering with. But those music thieves must be stopped!

The fact that SOCA is investigating is not because music sharing is the most serious type of crime. It's because the e-crime unit is under the auspices of SOCA (rather than a local police force). A lot of online crime is referred to SOCA for this reason despite the fact that it would not normally be of the type they investigate. Frankly I think that in a lot of cases this makes sense rather than each local force maintaining a cyber-crime division, althoug

Resources are still limited. For every person working in the e-crime unit, there is one less person dealing with the people traffickers etc. The e-crimes bureaucracy will also be struggling with the other units to get more funding and if they win they will take more resources from the others.

I'm not sure how to respond to this comment. On the one hand I don't want to be impolite. I have no interest in online feuding and so when I post I am normally trying to give information (or request it) and not score points or get angry.

On the other hand though, I can't help but get frustrated with people who have - and I don't mean to cause any offence but I think it's fair to say - no idea what they are talking about weighing in as though they were experts. This is SOCA, a massive part of the UK police fo

"Prejudice" is a very common word in legal drafting. It means nothing more than a detrimental effect.

If a person was going to buy an album but doesn't because I give them all the tracks for free then that has very clearly prejudiced the interests of the copyright holder. Importantly it is not any single act (e.g. sharing one song once) that must amount to prejudice, it is the distribution as a whole. If I distribute a copyrighted song to 1000 people and as a result fewer copies of it are sold then I have pr

So it sounds like we more or less agree that file sharing itself is not a crime then. The difficulty of proving prejudice, beyond reasonable doubt, from any individual instance of file sharing makes it sound almost impossible that anyone would be tried for file sharing, let alone convicted in court, unless they shared vast amounts of material to many people. So what is the e-crime agency doing investigating the non-criminal activities of file sharers? SOCA's own statement on the censored website claimed t

You are making two statements that are mutually incompatible: that file sharing is "not a crime" and that it would be very difficult to prove. If it were not a crime then there would be nothing to prove.File sharing is, I think, potentially a crime. As you identify what is important is the extent. I don't see any reason that what is going on would stop being distribution - so long as the extent is great enough - because a peer-to-peer protocol is used rather than a server-to-peer protocol. That would be a

I read the events a little differently. It sounds more likely to me that they posted a message about what they did, at the same time threatening individuals on behalf of the corporate interests that are behind the raid in the first place. Then they realised that they had overstepped both their own authority and the law of the land, and withdrew their confession. I have no intimate working knowledge of SOCA either, but I can't think of any other plausible reason why they would have posted that message. T

You started by saying that SOCA should not have been investigating because there was no crime.You then accepted that that was not correct but said that individual file-sharing was not a crime.I think - and apologies if I have misunderstood - that you have now accepted that individual file-sharing could be a crime but are saying that the message posted on rnbxclusive.com was a "confession" to illegal acts.

Just to address your point about mutual incompatibility, perhaps I could have been clearer. It is almost impossible to prove prejudice beyond reasonable doubt, as you said. Causing prejudice is a crime. File sharing is not a crime unless it leads to prejudice.

A lot of pirates seem to get into piracy for the free stuff, but turn political once they realise how potentially dangerous anti-piracy efforts are. It's easy to conclude that effective copyright enforcement and freedom on the internet are mutually incompatible - and if one has to go, make it copyright.

Write them a letter if you are in the UK even. In fact, it'll probably be more effective.

Personally for me, as a British citizen living in the UK, admittance by a police officer that my PC may have been hacked simply for visiting a site linked in a news article gives me all the justification I feel I need to submit a formal complaint to the IPCC and to my MP.

Whether it has or not, and whether the officer knew what he was on about is neither here nor there, the fact he believes that it's legitimate policing needs to be stamped right out.

Here's what I sent them. If I had been wider awake, I would have skipped the last paragraph. I enjoyed writing it, but sarcasm is almost always counterproductive.

Dear SOCA,

When I saw the takedown notice at RnBXclusive, I was sure that it was a spoof. The bald statements about the guilt of "the individuals behind this website," apparently unproved in court, the threats of prosecution to myself, and the speculative claims about the "future of the music industry," seemed too absurd to be written by a serious law enforcement agency. Then, the advertisement for pro-music.org at the end made it clear that this was either a spoof by pro-music, or more likely by an opponent trying to embarrass pro-music.

I was astonished to find acknowledgment on your own web site that this absurd text was indeed your own.

I never heard of RnBXclusive before, and have no opinion whatsoever regarding the legality of the behavior of "the individuals behind" that website, nor your takedown of the site and reported arrest of the "individuals." But I hope that you will be more careful in the future to post only relevant and sensible notices that stay well within the scope of your legal mission.

I recommend to you the Electronic Frontier Foundation (www.eff.org) as a source of careful analysis of online behavior by individuals, corporations, governments, and law enforcement agencies. They do not appear to have posted any specific comments about RnBXclusive, SOCA, or your recent arrest and DNS takeover, but they can provide some of the best advice available when consulted.

If you must advertise legal sources of music downloads, let me recommend my favorite, magnatune.com, which is not represented by those "behind" the pro-music.org website, and which will perhaps suffer competitively from your public endorsement of pro-music.org.

What judge granted the 15 million claim? You can't take down people's businesses just because someone claims they are costing them money in illegal damages. If that's the truly a fact, they could sue in court for the losses. Once the losses were validated by a Judge, they could first ask the losses to be paid. If those weren't paid, they could have the assets of the business confiscated. Maybe *then* you would have a case for taking down the website, but not before.

What they did there was make a false allegation against him and anyone who downloaded music. He can't now get a fair trial because he's been accused of theft by the police publicly but they haven't brought a theft charge against him confirming it is a false claim.

They prejudiced his trial.

So what they need to do at this point is get back within the limits of the law, and stop propagandizing. The police have no place in society as a political campaign group.

Also they need to recognize that RIAA now represents less than 30% of music sold, and that 2011 was the biggest year for music sales on record. Copyright infringement is copyright infringement, it's dealt with by copyright laws, not theft laws. The only input they should be seeking on a take down notice is LEGAL input on the LAWS as they stand in the UK. Nothing else.

I shoulda visited the site a few hundred dozen, times. In Canada, downloading music is legal. Damn I love the levy, I really do. But you've got a very good point, not only did they ruin the chain of evidence, but they've ensured that there will never, ever be a fair trial what so ever.

Personally for him? I'd sue them into the ground for defamation of character and libel. They've already lost as it stands, as they can't use anything they've already claimed as evidence.

Its their "network" and your ip and usage is logged for a short time in some detail. Ip and billing data might be kept for many, many months, but if your quick:)
They know the site, the names of the files and have a time frame. The rest is UK wide database work.
This was done with very unique data from newsgroup posts. Take the data to the isp's and do a massive search seeking people who downloaded the file/s.

Dear Chief Inspector Dimbleby, please taze those bros for us. By the way, we may have a position of Director of Law Enforcement Liason available up next quarter. No reason we mention that. How's your police pension looking? Love and cuddles, the IFPI.

Take this with as much salt as you think it needs.... but the easiest way I can think of to do this is actually quite possible with no hacking.

Step 1: Take over the site through legal means.Step 2: Troll through the server logs, getting the IP addresses of everyone that's downloaded a.torrent file in the last month. There's a good chance the configuration for how much to keep in the way of logs won't have been nailed down to "almost nothing" because until recently, most of the sites that hosted nothing but.torrent files thought they were on fairly solid legal ground so didn't need to worry about that sort of thing.Step 3: Filter the list you got in step 2 for all IP addresses assigned to UK ISPs.Step 4: Contact those ISPs with a court order requesting:- Identity of who had IP address XX.XX.XX.XX at the appropriate date/time.- What else those people had been downloading. You don't need DPI-type information; if a customer has also been downloading lots of other.torrent files over an insecure link (dead easy to find out because many ISPs operate transparent proxy servers for HTTP traffic) and subsequently used a lot of bandwidth, that may well be enough to get a court order to seize the customer's own computer equipment.

You want a higher burden of evidence before getting a court order? Fine, limit it to IP addresses that have been visiting the site regularly and downloaded a lot. Yes, dynamic IP addresses do change but they don't typically change on an hourly basis. A single IP address that downloads a lot over the course of a couple of hours could easily be enough.

There. You've now got enough information to monitor the UK without having to plant a single trojan or do a single thing illegally.

Except for a flaw in 2b: It would requite SOCA sieze computer equipment from a significant number of users. They could do that easily enough, but they couldn't do it without being noticed - one of those victims would be sure to talk about it, and we'd all know by now. As we've heard nothing about home computer seizures, that rules out another possibility.

I'm favoring the simpliest explanation: Someone at SOCA just made the 'deleting histories' thing up in order to scare people a little more. They are relyi

Then they hunt pirates using an agency with the equally grossly misname "Serious Organized Crime Agency". File sharing was never organized, nor was it a crime. Theft barely is, and only if the stuff you're stealing is valuable enough, and as we just said - file sharing is not even theft.

True, but realistically a TV is just such an essential part of a modern lifestyle that it's almost unthinkable for a household not to have one. That's grounds to suspect any unlicenced household of having an illegal TV. Not proof, but suspicious enough to send an inspector around to take a look.

The above posters are right: TV detector vans were used once upon a time, when TVs were rarer and electromagnetically noisy. They don't work on non-CRT TVs though.

If youre like me, then tv signal is not available (there is no aerial on the roof and even if there was I suspect it still would not pick up anything). I have a TV, but because I don't fancy getting a dish, I cannot receive any TV signals. Sadly, there is no way to submit this to the licensing people (they assume if you have a TV you must buy a licence because you are definitely watching TV). So, they sent a guy. I showed him some static, he made a note on his clipboard, and went on his way. No licence for